What does ERP have to do with GDPR?

Avi Troub, VP Global Sales & Channels, Priority Software explains…

GDPR is finally here, with companies getting on board to get their data and processes in check. Fines for breaching the regulation can be either 4 per cent of global annual turnover or €20 million, whichever is higher, which can be damaging for companies of all sizes. And with recent research from KPMG highlighting that 54 per cent of companies feel that their businesses aren’t GDPR ready, it’s important that companies understand what they need to do and how.

Getting company and customer data in order can seem like a daunting task, especially for those leaving it to the last minute. Up until now, data protection laws haven’t changed much since the 90s, which is surprising given how much has changed with regard to our digital identities. From social media, to mailing lists, to the Internet of Things, many of us are leaving trails of our digital identity wherever we go.

Investing in the right technology can help your company achieve GDPR compliance, as well as ensure your company doesn’t slip up over time. Enter Enterprise Resource Planning. ERP, in a nutshell, is technology that helps companies manage and analyse their activities, from finances and project management, to CRM and supply chain management, to HR… and everything in between, including data protection.

ERP can centralise your data securely

GDPR is all about data, and companies are having to deal with a lot of it. From Word documents and Excel sheets, to emails and CRM systems, many businesses are storing data in disparate places. So keeping track of it can be a time-consuming, complex process, and to make things worse, it can also leave your company more prone to data breaches as different systems will have different levels of security. An Excel document containing confidential data can be shared easily, and might only be protected with a password that could be accessed by a number of different employees. On the other hand, a CRM system may have stronger security protocols (multi-factor authentication, biometrics, etc.) and tighter user access controls. Having multiple systems for storing data will also make it harder to locate the cause of a breach if one does occur, which will make it harder for companies to notify relevant authorities and their customers within the required time frame. Because modern ERP systems are an ‘umbrella’ solution that can centralise data, it’s easier to manage data security and access permissions – after all, there’s only one door to get through.

ERP systems are more secure

Not only does centralising data keep it more secure, but ERP systems allow for combinations of role-based security, data-based security and more. In other words, no employee will be able to access anything they’re not meant to. It’s easy to define and implement role-based security measures in an ERP system, including securing and encrypting passwords. Your ERP system also goes that extra mile and can manage the security of third-party vendors and suppliers.

Cloud ERP in particular is generally more secure than on-premise. Gartner stated recently that “multi-tenant services are not only highly resistant to attack, but are also a more secure starting point than most traditional in-house implementations”. Security today is a comprehensive, end-to-end mindset that has to be built across every layer of the ERP environment, from the physical network interface cards to the user passwords, and as a result, cloud ERP is more secure.

The more secure the data you collect is, the less likely you are to be subjected to a breach, increasing your chances of staying compliant with GDPR.

ERP, consent and the right to be forgotten

Part of the recent GDPR regulations states that businesses are required to obtain explicit consent from individuals if they want to contact them for sales and marketing purposes. Because ERP systems centralise data, companies will be able to easily locate the trail of communication if they need evidence that a customer consented to being contacted for sales and marketing purposes.

Companies are now also required to delete customer data as part of GDPR’s ruling that people have the “right to be forgotten”. ERP systems make it easier to do this as all the data is in one place. If companies have to trawl through paper documents, spreadsheets and different systems across multiple departments to delete all records of a customer, they’re more likely to miss something and be in violation of the regulations.

Instead of causing panic, GDPR should be a welcome regulation for companies, allowing them to get their ‘house in order’, so to speak. Companies should use this opportunity to ensure they’ve got the right technology in place to securely store their data, manage it, and be able to effectively communicate with customers.

